===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1152
        kernel/kernel-rt security, bug fix, and enhancement update
                                7 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
                   kernel-rt
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Overwrite Arbitrary Files       -- Existing Account
                   Denial of Service               -- Existing Account
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-27365 CVE-2021-27364 CVE-2021-27363
                   CVE-2021-26708 CVE-2021-3347 CVE-2020-28374
                   CVE-2020-27152 CVE-2020-0466

Reference:         ESB-2021.0981
                   ESB-2021.0837
                   ESB-2021.0553

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2021:1093
   https://access.redhat.com/errata/RHSA-2021:1081
   https://access.redhat.com/errata/RHSA-2021:1071
   https://access.redhat.com/errata/RHSA-2021:1070

Comment: This bulletin contains four (4) Red Hat security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2021:1093-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1093
Issue date:        2021-04-06
CVE Names:         CVE-2020-0466 CVE-2020-27152 CVE-2020-28374
                   CVE-2021-3347 CVE-2021-26708 CVE-2021-27363
                   CVE-2021-27364 CVE-2021-27365
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466)
* kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)
* kernel: Use after free via PI futex state (CVE-2021-3347)
* kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708)
* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)
* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)
* Kernel: KVM: host stack overflow due to lazy update IOAPIC (CVE-2020-27152)
* kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* race condition when creating child sockets from syncookies (BZ#1915529)
* On System Z, a hash needs state randomized for entropy extraction (BZ#1915816)
* scsi: target: core_tmr_abort_task() reporting multiple aborts for the same se_cmd->tag (BZ#1918354)
* [mlx5] VF interface stats are not reflected in "ip -s link show" / "ifconfig <vf>" commands (BZ#1921060)
* Win10 guest automatic reboot after migration in Win10 and WSL2 on Intel hosts (BZ#1923281)
* [RHEL 8.3] Repeated messages - Unable to burst-read optrom segment (BZ#1924222)
* Backport bug fix RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz (BZ#1924691)
* [Cisco 8.3] RHEL/Cent 8.2 fNIC driver needs a patch fix that addresses crash (BZ#1925186)
* RHEL8.3 - The kernel misdetects zCX with z/VM (BZ#1925508)
* Backport 22e4663e91 ("mm/slub: fix panic in slab_alloc_node()") (BZ#1925511)
* SCTP "Address already in use" when no active endpoints from RHEL 8.2 onwards (BZ#1927521)
* lpfc: Fix initial FLOGI failure due to BBSCN not supported (BZ#1927921)
* [mm] mm, oom: remove oom_lock from oom_reaper (BZ#1929738)
* Unexpected thread movement with AMD Milan compared to Rome (BZ#1929740)
* rpmbuild cannot build the userspace RPMs in the kernel package when the kernel itself is not built (BZ#1929910)
* [Regression] RHEL8.2 - ISST-LTE:pVM:diapvmlp83:sum:memory DLPAR fails to add memory on multiple trials[mm/memory_hotplug.c:1163] (mm-) (BZ#1930168)
* Configuring the system with non-RT kernel will hang the system (BZ#1930735)
* Upstream Patch for Gracefully handle DMAR units with no supported address widthsx86/vt-d (BZ#1932199)
* gfs2: Deadlock between gfs2_{create_inode,inode_lookup} and delete_work_func (BZ#1937109)
* Failing on tsx-ctrl when the flag doesn't change anything (BZ#1939013)

Enhancement(s):

* RFE: Backport all Audit enhancements and fixes up to version 5.10-rc1 (BZ#1907520)
* RHEL8.4: Update the target driver (BZ#1918363)
* [Mellanox 8.4 FEAT] mlx5: Hairpin Support in Switch Mode (BZ#1924689)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1888886 - CVE-2020-27152 Kernel: KVM: host stack overflow due to lazy update IOAPIC
1899804 - CVE-2020-28374 kernel: SCSI target (LIO) write to any block on ILO backstore
1920480 - CVE-2020-0466 kernel: use after free in eventpoll.c may lead to escalation of privilege
1922249 - CVE-2021-3347 kernel: Use after free via PI futex state
1925588 - CVE-2021-26708 kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c
1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem
1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles
1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module

6. Package List:

Red Hat Enterprise Linux BaseOS (v.
8): Source: kernel-4.18.0-240.22.1.el8_3.src.rpm aarch64: bpftool-4.18.0-240.22.1.el8_3.aarch64.rpm bpftool-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-core-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-cross-headers-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-debug-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-debug-core-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-debug-devel-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-debug-modules-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-debug-modules-extra-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-devel-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-headers-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-modules-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-modules-extra-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-tools-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-tools-libs-4.18.0-240.22.1.el8_3.aarch64.rpm perf-4.18.0-240.22.1.el8_3.aarch64.rpm perf-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm python3-perf-4.18.0-240.22.1.el8_3.aarch64.rpm python3-perf-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm noarch: kernel-abi-whitelists-4.18.0-240.22.1.el8_3.noarch.rpm kernel-doc-4.18.0-240.22.1.el8_3.noarch.rpm ppc64le: bpftool-4.18.0-240.22.1.el8_3.ppc64le.rpm bpftool-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-core-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-cross-headers-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-debug-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-debug-core-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-debug-devel-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-debug-modules-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-debug-modules-extra-4.18.0-240.22.1.el8_3.ppc64le.rpm 
kernel-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-devel-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-headers-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-modules-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-modules-extra-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-tools-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-tools-libs-4.18.0-240.22.1.el8_3.ppc64le.rpm perf-4.18.0-240.22.1.el8_3.ppc64le.rpm perf-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm python3-perf-4.18.0-240.22.1.el8_3.ppc64le.rpm python3-perf-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm s390x: bpftool-4.18.0-240.22.1.el8_3.s390x.rpm bpftool-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm kernel-4.18.0-240.22.1.el8_3.s390x.rpm kernel-core-4.18.0-240.22.1.el8_3.s390x.rpm kernel-cross-headers-4.18.0-240.22.1.el8_3.s390x.rpm kernel-debug-4.18.0-240.22.1.el8_3.s390x.rpm kernel-debug-core-4.18.0-240.22.1.el8_3.s390x.rpm kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm kernel-debug-devel-4.18.0-240.22.1.el8_3.s390x.rpm kernel-debug-modules-4.18.0-240.22.1.el8_3.s390x.rpm kernel-debug-modules-extra-4.18.0-240.22.1.el8_3.s390x.rpm kernel-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-240.22.1.el8_3.s390x.rpm kernel-devel-4.18.0-240.22.1.el8_3.s390x.rpm kernel-headers-4.18.0-240.22.1.el8_3.s390x.rpm kernel-modules-4.18.0-240.22.1.el8_3.s390x.rpm kernel-modules-extra-4.18.0-240.22.1.el8_3.s390x.rpm kernel-tools-4.18.0-240.22.1.el8_3.s390x.rpm kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm kernel-zfcpdump-4.18.0-240.22.1.el8_3.s390x.rpm kernel-zfcpdump-core-4.18.0-240.22.1.el8_3.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm kernel-zfcpdump-devel-4.18.0-240.22.1.el8_3.s390x.rpm kernel-zfcpdump-modules-4.18.0-240.22.1.el8_3.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-240.22.1.el8_3.s390x.rpm perf-4.18.0-240.22.1.el8_3.s390x.rpm 
perf-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm python3-perf-4.18.0-240.22.1.el8_3.s390x.rpm python3-perf-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm x86_64: bpftool-4.18.0-240.22.1.el8_3.x86_64.rpm bpftool-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-core-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-cross-headers-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-debug-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-debug-core-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-debug-devel-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-debug-modules-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-debug-modules-extra-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-devel-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-headers-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-modules-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-modules-extra-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-tools-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-tools-libs-4.18.0-240.22.1.el8_3.x86_64.rpm perf-4.18.0-240.22.1.el8_3.x86_64.rpm perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm python3-perf-4.18.0-240.22.1.el8_3.x86_64.rpm python3-perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm Red Hat CodeReady Linux Builder (v. 
8): aarch64: bpftool-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm kernel-tools-libs-devel-4.18.0-240.22.1.el8_3.aarch64.rpm perf-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm python3-perf-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm kernel-tools-libs-devel-4.18.0-240.22.1.el8_3.ppc64le.rpm perf-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm python3-perf-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-tools-libs-devel-4.18.0-240.22.1.el8_3.x86_64.rpm perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm python3-perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2020-0466
https://access.redhat.com/security/cve/CVE-2020-27152
https://access.redhat.com/security/cve/CVE-2020-28374
https://access.redhat.com/security/cve/CVE-2021-3347
https://access.redhat.com/security/cve/CVE-2021-26708
https://access.redhat.com/security/cve/CVE-2021-27363
https://access.redhat.com/security/cve/CVE-2021-27364
https://access.redhat.com/security/cve/CVE-2021-27365
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2021:1081-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1081
Issue date:        2021-04-06
CVE Names:         CVE-2020-0466 CVE-2020-27152 CVE-2020-28374
                   CVE-2021-3347 CVE-2021-26708 CVE-2021-27363
                   CVE-2021-27364 CVE-2021-27365
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time (v. 8) - x86_64
Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466)
* kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)
* kernel: Use after free via PI futex state (CVE-2021-3347)
* kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708)
* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)
* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)
* Kernel: KVM: host stack overflow due to lazy update IOAPIC (CVE-2020-27152)
* kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt possible livelock: WARNING: CPU: 28 PID: 3109 at kernel/ptrace.c:242 ptrace_check_attach+0xdd/0x1a0 (BZ#1925308)
* kernel-rt: update RT source tree to the RHEL-8.3.z3 source tree (BZ#1926369)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1888886 - CVE-2020-27152 Kernel: KVM: host stack overflow due to lazy update IOAPIC
1899804 - CVE-2020-28374 kernel: SCSI target (LIO) write to any block on ILO backstore
1920480 - CVE-2020-0466 kernel: use after free in eventpoll.c may lead to escalation of privilege
1922249 - CVE-2021-3347 kernel: Use after free via PI futex state
1925588 - CVE-2021-26708 kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c
1926369 - kernel-rt: update RT source tree to the RHEL-8.3.z3 source tree
1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem
1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles
1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v.
8): Source: kernel-rt-4.18.0-240.22.1.rt7.77.el8_3.src.rpm x86_64: kernel-rt-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-core-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-debug-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-debug-core-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-debug-devel-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-debug-kvm-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-debug-modules-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-debuginfo-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-devel-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-kvm-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-modules-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-modules-extra-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm Red Hat Enterprise Linux Real Time (v. 8): Source: kernel-rt-4.18.0-240.22.1.rt7.77.el8_3.src.rpm x86_64: kernel-rt-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-core-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-debug-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-debug-core-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-debug-devel-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-debug-modules-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-debuginfo-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-devel-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-modules-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm kernel-rt-modules-extra-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-0466
https://access.redhat.com/security/cve/CVE-2020-27152
https://access.redhat.com/security/cve/CVE-2020-28374
https://access.redhat.com/security/cve/CVE-2021-3347
https://access.redhat.com/security/cve/CVE-2021-26708
https://access.redhat.com/security/cve/CVE-2021-27363
https://access.redhat.com/security/cve/CVE-2021-27364
https://access.redhat.com/security/cve/CVE-2021-27365
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2021:1071-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1071
Issue date:        2021-04-06
CVE Names:         CVE-2021-27363 CVE-2021-27364 CVE-2021-27365
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)
* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)
* kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Customer testing eMMC sees and intermittent boot problem on 7.8+, was not seen on 7.3 (BZ#1918916)
* tcm loopback driver causes double-start of scsi command when work is delayed (BZ#1925652)
* [Azure][RHEL-7]Mellanox Patches To Prevent Kernel Hang In MLX4 (BZ#1925691)
* A patch from upstream c365c292d059 causes us to end up leaving rt_nr_boosted in an inconsistent state, which causes a hard lockup. (BZ#1928082)
* [RHEL7.9.z] Add fix to update snd_wl1 in bulk receiver fast path (BZ#1929804)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem
1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles
1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module

6. Package List:

Red Hat Enterprise Linux Client (v.
7): Source: kernel-3.10.0-1160.24.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.24.1.el7.noarch.rpm kernel-doc-3.10.0-1160.24.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.24.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm kernel-3.10.0-1160.24.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.24.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.24.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.24.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.24.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.24.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.24.1.el7.x86_64.rpm perf-3.10.0-1160.24.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm python-perf-3.10.0-1160.24.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.24.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 
7): Source: kernel-3.10.0-1160.24.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.24.1.el7.noarch.rpm kernel-doc-3.10.0-1160.24.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.24.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm kernel-3.10.0-1160.24.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.24.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.24.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.24.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.24.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.24.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.24.1.el7.x86_64.rpm perf-3.10.0-1160.24.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm python-perf-3.10.0-1160.24.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.24.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: kernel-3.10.0-1160.24.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.24.1.el7.noarch.rpm kernel-doc-3.10.0-1160.24.1.el7.noarch.rpm ppc64: bpftool-3.10.0-1160.24.1.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm kernel-3.10.0-1160.24.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1160.24.1.el7.ppc64.rpm kernel-debug-3.10.0-1160.24.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-1160.24.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.24.1.el7.ppc64.rpm kernel-devel-3.10.0-1160.24.1.el7.ppc64.rpm kernel-headers-3.10.0-1160.24.1.el7.ppc64.rpm kernel-tools-3.10.0-1160.24.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-1160.24.1.el7.ppc64.rpm perf-3.10.0-1160.24.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm python-perf-3.10.0-1160.24.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm ppc64le: bpftool-3.10.0-1160.24.1.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm kernel-3.10.0-1160.24.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1160.24.1.el7.ppc64le.rpm kernel-debug-3.10.0-1160.24.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.24.1.el7.ppc64le.rpm kernel-devel-3.10.0-1160.24.1.el7.ppc64le.rpm kernel-headers-3.10.0-1160.24.1.el7.ppc64le.rpm kernel-tools-3.10.0-1160.24.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1160.24.1.el7.ppc64le.rpm perf-3.10.0-1160.24.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm python-perf-3.10.0-1160.24.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm s390x: bpftool-3.10.0-1160.24.1.el7.s390x.rpm bpftool-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm kernel-3.10.0-1160.24.1.el7.s390x.rpm 
kernel-debug-3.10.0-1160.24.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-1160.24.1.el7.s390x.rpm
kernel-devel-3.10.0-1160.24.1.el7.s390x.rpm
kernel-headers-3.10.0-1160.24.1.el7.s390x.rpm
kernel-kdump-3.10.0-1160.24.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-1160.24.1.el7.s390x.rpm
perf-3.10.0-1160.24.1.el7.s390x.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm
python-perf-3.10.0-1160.24.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm

x86_64:
bpftool-3.10.0-1160.24.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.24.1.el7.x86_64.rpm
perf-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
bpftool-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-1160.24.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm

ppc64le:
bpftool-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-1160.24.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm

x86_64:
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-1160.24.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1160.24.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.24.1.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1160.24.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.24.1.el7.x86_64.rpm
perf-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-27363
https://access.redhat.com/security/cve/CVE-2021-27364
https://access.redhat.com/security/cve/CVE-2021-27365
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2021:1070-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1070
Issue date:        2021-04-06
CVE Names:         CVE-2021-27363 CVE-2021-27364 CVE-2021-27365
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)

* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)

* kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* RHEL7.9 Realtime crashes due to a blocked task detection. The blocked task is stuck in unregister_shrinker() where multiple tasks have taken the shrinker_rwsem and are fighting on a dentry's d_lockref lock rt_mutex. [kernel-rt] (BZ#1935557)

* kernel-rt: update to the latest RHEL7.9.z5 source tree (BZ#1939220)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem
1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles
1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-1160.24.1.rt56.1161.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1160.24.1.rt56.1161.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 7):

Source:
kernel-rt-3.10.0-1160.24.1.rt56.1161.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1160.24.1.rt56.1161.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-27363
https://access.redhat.com/security/cve/CVE-2021-27364
https://access.redhat.com/security/cve/CVE-2021-27365
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================